
Re: Security testing: need for a security policy, and a security-critical package process





On Tue, 24 Nov 2009, Bill Nottingham wrote:

I don't want to ship a desktop that doesn't let the user do useful
things.

And you can ship a desktop SPIN that way. But the base pkgs should
not install with an insecure set of choices.

If you want the spin to have a post-scriptlet which allows more
things, then that's the choice of the desktop SIG over the desktop
spin.

Given how .pkla works, this is likely to be done with packages, not
with %post hackery. (Which should make it much easier to reliably
test, as well.)

Provided those pkgs are not required anywhere or set in our default pkg groups, then sure.

-sv

